include::../description.adoc[]

== Noncompliant Code Example

[source,kotlin]
----
fun encrypt(key: ByteArray, ptxt: ByteArray) {
    val nonce: ByteArray = "7cVgr5cbdCZV".toByteArray() // The initialization vector is a static value

    val gcmSpec  = GCMParameterSpec(128, nonce) // The initialization vector is configured here
    val skeySpec = SecretKeySpec(key, "AES")

    val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, gcmSpec) // Noncompliant
}
----

== Compliant Solution

[source,kotlin]
----
fun encrypt(key: ByteArray, ptxt: ByteArray) {
    val random: SecureRandom = SecureRandom()
    val nonce: ByteArray     = ByteArray(12)
    random.nextBytes(nonce) // Random 96 bit IV

    val gcmSpec  = GCMParameterSpec(128, nonce)
    val skeySpec = SecretKeySpec(key, "AES")

    val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, gcmSpec)
}
----

include::../see.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::./highlighting.adoc[]

endif::env-github,rspecator-view[]